- From: Nick Vidal <nick@iss.im>
- Date: Mon, 6 Sep 2010 11:31:37 -0300
In addition to allow-top-navigation for the iframe's sandbox attribute, I propose the opposite: allow-bottom-navigation. This would allow a parent document to have access to the iframe's browsing-context (even when the user has navigate to a different domain). I'm building a Webtop (a Desktop Environment on top of the Web) that allows users to navigate websites securely through iframes [note 1]. An iframe is necessary to protect the Webtop from being compromised by an untrusted website. However, this also restricts the Webtop from accessing the browsing-context of the iframe. The allow-bottom-navigation would permit the Webtop: a) to provide independent navigation controls for each iframe [note 2]; b) to bookmark a website; c) to save a session (i.e. to save all opened task windows, including those that have an iframe). I don't see any security risks, since the parent document would have access only to the browsing context of the iframe. No other access would be granted. Best regards, Nick Notes: 1) More information here: http://itop.iss.im/ 2) As previously discussed here: http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2010-August/027884.html
Received on Monday, 6 September 2010 07:31:37 UTC